"""Authentication stub for API key management.

This is a placeholder for the actual authentication implementation
which should be integrated with the main auth service (Epic 1).
"""

from typing import Dict, Optional
from fastapi import HTTPException, Security, Depends
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials


security = HTTPBearer(auto_error=False)  # 不自动抛出错误


async def get_current_user(
    credentials: Optional[HTTPAuthorizationCredentials] = Security(security)
) -> Dict:
    """Get current authenticated user.
    
    暂时跳过认证验证，直接返回测试用户
    
    Args:
        credentials: Optional bearer token (ignored for now)
        
    Returns:
        User information dictionary
    """
    # 直接返回测试用户，不验证token
    return {
        "sub": "user_123456",  # JWT标准的subject字段
        "id": "user_123456",   # 兼容性保留
        "email": "user@example.com",
        "username": "testuser",
        "is_admin": False
    }


async def require_admin(current_user: Dict = Depends(get_current_user)) -> Dict:
    """Require admin privileges.
    
    Args:
        current_user: Current authenticated user
        
    Returns:
        Admin user information
        
    Raises:
        HTTPException: If user is not an admin
    """
    if not current_user.get("is_admin"):
        raise HTTPException(status_code=403, detail="Admin access required")
    
    return current_user